The Ethics of Electronic Health Records

January 15, 2010

John J. Mercuri

Faculty peer reviewed

Introduction
The 111th Congress allocated $19 billion of the American Recovery and Reinvestment Act of 2009 toward the creation of an electronic health record (EHR) for each person in the United States by 2014.(1) The recent debate over EHRs has focused largely on the economic, logistical, and political consequences of implementing such a system; however, the country should also contemplate the ethical ramifications of EHRs. Addressing these concerns requires the application of ethical principles such as autonomy, justice, beneficence/non-maleficence, and privacy and confidentiality.

Autonomy
Positively, autonomy means allowing “individuals to make their own choices and develop their own lives in the context of a particular society and in dialogue with that society;” negatively, “autonomy means that one human person, precisely as a human person, does not have authority and should not have power over another human person.”(2)(p29) Any type of EHR system must maintain respect for patient autonomy, and decisions must be made about the access, content, and ownership of the records.

People are shifting many daily activities to the Internet, and the growth of social networking websites has given people the ability to control and define their online presence.(3) Mandl, Szolovits, and Kohane note that autonomous patients will expect to access their EHRs with relative ease, and many patients might desire a level of control over their records’ content. Such a high level of patient autonomy conflicts directly with the medical and legal utility of a health record. For this reason, patients should be restricted from modifying or deleting any of the content entered by health care professionals; however, it should be acceptable for autonomous patients to view, annotate, or challenge the record with relative ease.4 This type of access might actually result in a higher quality document because patients will act as proofreaders of their own health histories.

The ownership of EHRs must also respect patient autonomy. Autonomous patients will argue that they are the rightful owners of the intimate information contained in their EHR. As with other types of electronic media, however, the companies that create EHR software or maintain the data storage servers might claim ownership of the data.(4) Similarly, individual health care providers and hospitals might argue for ownership of the information. These obvious conflicts between economic and personal value, professional and patient autonomy, and business interests must be rectified both ethically and legally before EHRs are implemented widely across the health care system.(5)

Justice
Justice is commonly defined as “fairness.”(6) With respect to health care, justice refers to society’s “duty to provide its members with access to an adequate level of health care that fulfills basic needs.”(2)(p245) EHR systems are most beneficial when they are user-friendly, fully integrated, easily searchable, and built with well-designed hardware and software.(7,8) Such EHRs have the potential to help the health care system provide higher quality care to a larger number of people, thus making the system more equitable through improved efficiency and effectiveness. On the other hand, EHRs also have the potential to create new injustices. A so-called digital divide already exists between different socioeconomic groups, with greater computer and Internet access and usage among people of higher socioeconomic status.(9) EHRs might exacerbate this preexisting technology gap, thereby hindering patients of lower socioeconomic status from gaining the full benefits of an accessible EHR system.

Beneficence/Non-maleficence
These two principles are literally defined as “do good” and “avoid evil,” respectively. Applied broadly, however, these definitions are so vague that they are practically useless.(2)(p57) Thus, this essay will discuss beneficence in relation to using the data stored in the EHR system and non-maleficence in relation to protecting the data.

A large, interconnected system of EHRs will contain a massive amount of raw data, and great potential will exist to conduct groundbreaking biomedical and public health research. Such research will do good not only to the health of individual patients, but also to the health of society as a whole. Therefore, as new EHR systems are designed, patients should be given the ability to release information from their EHRs to scientists and researchers.(4,10,11) Likewise, approved researchers should be given permission to easily access and analyze data that is made public. Developing a large, research-compatible system of EHRs will be costly and legally challenging; however, the long-term benefits will be more valuable than the initial costs.(12)

The integrated data storage of an EHR system also creates several potential harms, as described by Mandl, Szolovits, and Kohane. First, temporary outages of the EHR system will, at a minimum, hinder the work of health care professionals or, worse, cause significant patient morbidity or mortality. However, total system failures and the loss of patient data present an even greater danger than temporary outages. Since the loss of health data is unacceptable in any circumstance, all data must have multiple back-ups that can be quickly and easily recovered. Second, a foolproof security system for electronic data has never been developed. Medical records contain some of the most sensitive information about an individual. If EHR systems cannot maintain the highest level of data security, patients could suffer a variety of harms.(4)

Privacy and Confidentiality
“Confidentiality is concerned with keeping secrets… A professional secret is knowledge that, if revealed, will harm not only the professional’s client, but will do serious harm to the profession and to the society that depends on that profession for important services.”(2)(p117-119)

The confidentiality of a patient’s medical information is sacred in the health care profession. Mandl, Szolovits, and Kohane note that health records contain intimate information that, if revealed, could result in anything from minor embarrassment to the loss of insurance or employment. The maintenance of strict confidentiality creates an environment that facilitates the privileged and unrestricted sharing of sensitive information between a physician and a patient. Any breach of privacy will irreparably damage this unique doctor-patient relationship. In the absence of confidentiality, patients might not fully disclose important facts; even worse, patients might avoid medical care entirely. (4)

Unfortunately, as mentioned earlier, privacy might conflict with the beneficence of an integrated EHR system. EHRs will certainly be most secure if patient data were the patient’s private property; however, good public policy can both protect privacy and provide a level of openness that will benefit the public health most fully.(9,13,14) For example, in order to protect simultaneously both patient privacy and autonomy, Mandl, Szolovits, and Kohane propose not only enabling patients to make decisions about how much of their EHRs they wish to make public to scientists and researchers, but also enabling them to give certain health care providers different levels of access to their EHRs. Although allowing patients to set the access level of various health care providers will certainly respect their confidentiality, it might inadvertently harm their medical care by preventing providers from accessing the information they need.(4) Ultimately, patients will have to balance this risk with their desire for privacy.

Conclusion
This essay has briefly surveyed how the ethical principles of autonomy, justice, beneficence/non-maleficence, and privacy and confidentiality apply to a large, integrated system of EHRs. Clearly, the ethical consequences of such a system should be part of the current public debate over health care reform.

John Mercuri effectively argues the importance of applying ethical standards to the current debate on EHRs. Patient ownership of their data, in terms of both content and privacy, is key. As electronic patient records (albeit stripped of their protected health information) are sought by pharmaceutical and insurance companies, policy-makers, and researchers, there is great potential for both financial and personal harm to individuals if the data are not fully protected. Further, inherent conflicts of interest arise when the same companies that maintain electronic patient data also sell the much sought-after information from their data warehouses, a practice that happens today. Clearly, there are numerous benefits to EHRs; however, we are reminded by Mr. Mercuri of the importance of including these ethical considerations in the current debate.

2 Responses to The Ethics of Electronic Health Records

Federal funding may be encouraging a move toward EHR, but there’s more to it than just installing systems. How can healthcare data pooling lead to a better system? More at http://www.healthcaretownhall.com/?p=2002

I agree that many ethical issues exist with regards to EHR’s. Additionally, many assumptions about the benefits of electronic records are just that, assumptions. There will be an increase in the length of records, making it almost impossible to read previous notes and including so much information that is not relevant. Issues such as medication reconciliation are also not addressed by EHR’s. Will data be generated? Yes. Will quality of care improve? I think that question is to be determined.

Trip Database

Meta

Subscribe to receive new articles

Leave This Blank:Leave This Blank Too:Do Not Change This:

Your email:

Comments and questions? Please contact Us.
Copyright New York University
All rights reserved. Electronic ISSN 1944-0030.
The content of this site is intended for health care professionals.
clinicalcorrelations.org is in the cloud